If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hello Guest,Our records indicate that you have never posted to our site before! Why not make your first post today by saying hello to our community in our Introductions forum.

Please review the forums rules, start with your first post today and become an active part of petri.co.il forums now!

Problem connecting TS clients who are not members of admin group

30th June 2008, 15:33

Hi,
I am running Windows Server 2008 with Terminal Services (within the 120 day grace period). I have added domain users to the Remote Desktop Users group.
They are not members of the admin group. I have tried to connect as one of those users and I keep getting an error that the user needs to be added to the Remote Desktop Users group that has access to the Terminal Server by default. Or the Remote Desktop Users group needs to be given the right to logon to the Terminal Server and this must be done manually. All admins connect fine (locally and remotely). What could I be doing wrong?

Comment

Yes I have installed the TS role. However I'm not sure what you mean by Remote Administrator mode vs Terminal Server Mode. If your refering to Remote Desktop mode rather Terminal Services mode, thats a possibility, but what should I do? I'm a little lost.

Comment

Remote administrator mode is a basic RDP connection built into windows server that will allow only 2 connections at a time to your server (3 if you use the /console or /admin switch on your RDP client)

This mode does not require any additional CALS from Microsoft and is used primarily for administering the server remotely.

Terminal service mode: is usually used to refer to a full blown TS server with extra CALS and such for allowing many simultaneous users, It also allows the use of such features as TS GATEWAY and TS WEB APP's

Stacey Smith
Sr. Systems Engineer

The rule is perfect: in all matters of opinion our adversaries are insane --Samuel Clemens

Comment

Thanks so much but, If I am running within the 120 day grace period, should I be able to connect clients without installing TS Licensing that are not members of the admin group but are in fact part of the "Remote Desktop Users" group?

Comment

120 grace period it is refering to the application mode (TS Mode) to allow multiple connections to the server.

I have had this problem before but it was with 2003 TS, what I did to fix the issue was more complex via GPO but I will give you the right direction (simple fix) for now.

on the TS run secpol.msc goto local policys and the user rights, you will see allow logon through terminal services, make sure that that administrators and remote desktop users are there.

If they are not there then that is your problem, but if they are there, then that policy basically needs to be recreated. Its best to make a GPO on specfic to that TS server, and put only domain admins there, make sure it works then disable that policy back to default and let it recreat the default and things should work from there.

Also make sure that in "Terminal Services Configuration" that the RDP group has permissions set up. That should be okay unless it has been tampered with.